Roles installed with customer access management
Summarize
Summary of Roles installed with customer access management
Customer Access Management in ServiceNow uses predefined functional and granular roles to control relationships between users and entities, ensuring secure and appropriate access to Customer Service Management (CSM) data. These roles enable authorized parties to access cases, sold products, install bases, and related entities, maintaining data security while facilitating efficient customer service operations.
Show less
Granular roles grant specific privileges on individual entities, while functional roles bundle multiple granular roles to enable meaningful actions across related records. This layered role model allows you to define precise access controls that improve security and the customer experience.
Key Features
- Functional Roles: Comprise sets of granular roles tailored to enable users to perform specific functions such as case management, viewing sold products, and managing install base items and related cases.
- Granular Roles: Provide fine-grained read or write permissions on specific entities like cases, sold products, install base records, and related parties.
- Predefined Functional Roles Include:
- Case Authorized Contact, Consumer, Contributor – for case access and management
- Sold Product Authorized Contact, Consumer – for sold product and associated install base access
- Install Base Authorized Contact, Consumer, Contributor, Member, Account, Service Organization – for install base viewing and case management
- Predefined Granular Roles Include:
- Read and write access roles for sold products, sold product contacts, consumers
- Read and create/write access roles for cases and case-related parties
- Read and write access roles for install base and install base related parties
- Read access for installed products
- Role Dependencies: Some roles require specific plugins and are built upon related granular roles to provide comprehensive access.
- Role Assignment: You assign granular roles to functional roles to customize access according to your organization's needs.
Key Outcomes
- Enables secure, role-based access control to customer service and product data within ServiceNow.
- Allows customers, contacts, and internal users defined access to cases, sold products, and install base records relevant to them.
- Supports efficient case handling, notifications, and service management while protecting sensitive information.
- Facilitates flexible configuration of access policies by combining granular roles into functional roles matching business requirements.
- Improves customer experience by ensuring the right users have timely access to appropriate information and actions.
Customer access management uses different predefined functional and granular roles to establish relationships between users and entities. The granular and functional roles help provide user access to information and maintain data security.
Functional and granular roles overview
Functional and granular roles help provide authorized related parties access to the case, and provide additional contacts or additional consumers access to the sold product.
Granular roles provide access to cases, sold product, and related entities. One or more granular roles can be bundled together as a functional role to perform a meaningful action. Linking multiple granular roles to a functional role enables you to build your own access rules by applying the functional and granular roles for various Customer Service Management (CSM) entities.
A granular model helps to protect data by granting the required level of access to the relevant CSM entities. With this functionality, each role is associated with a set of privileges or responsibilities that determine users’ access to certain information. You can set granular policies that authorize individuals to do their jobs efficiently and effectively, which helps to improve the customer experience.
Roles and descriptions
Functional roles are a set of granular roles that are required to perform a function that requires access on multiple entities. The following table lists the functional roles for customer access management.
| Role title [name] | Plugins required | Description | Contains roles |
|---|---|---|---|
| Case Authorized Contact [sn_customerservice.case_authorized_contact] |
Customer Service [com.sn_customerservice] |
This role provides access to add additional comments and attachments, accept or reject a solution, receive notifications on case updates, close a case, and update case tasks. | sn_customerservice.case_write_granular |
| Case Authorized Consumer [sn_customerservice.case_authorized_consumer] |
Customer Service [com.sn_customerservice] |
This role provides access to add additional comments and attachments, accept or reject a solution, receive notifications on case updates, close a case, and update case tasks. | sn_customerservice.case_write_granular |
| Case Authorized Contributor [sn_customerservice.case_authorized_contributor] |
Customer Service [com.sn_customerservice] |
This role provides access to add additional comments and attachments, accept or reject a solution, receive notifications on case updates, close a case, and update case tasks. | sn_customerservice.case_write_granular |
| Sold Product Authorized Contact [sn_install_base.sold_product_authorized_contact] |
Customer Service Install Base Management [com.snc.install_base] |
This role provides access to view sold product and associated install base items, create cases, and access cases that are related to the sold product. Also, this role provides access to sold product related parties, affected install base items, and manage service catalog requests from the sold product. |
|
| Sold Product Authorized Consumer [sn_install_base.sold_product_authorized_consumer] |
Customer Service Install Base Management [com.snc.install_base] |
This role provides access to view sold product and associated install base items, create cases, and access cases related to the sold product. Also, this role provides access to sold product related parties, affected install base items, and manage service catalog requests from the sold product. |
|
| Install Base Authorized Contact [sn_install_base.install_base_authorized_contact] |
Customer Service Install Base Management [com.snc.install_base] |
This role provides the contact access to view the install base and its associated sold products when added as a related party. Additionally, it enables the contact to create and manage cases for the related install base records. Creation of case is only allowed if the contact and install base belong to the same account. |
|
| Install Base Authorized Consumer [sn_install_base.install_base_authorized_consumer] |
Customer Service Install Base Management [com.snc.install_base] |
This role provides the consumer access to view the install base and its associated sold products when added as a related party. Additionally, it enables the user to create and manage cases for the related install base records. |
|
| Install Base Authorized Contributor [sn_install_base.install_base_authorized_contributor] |
Customer Service Install Base Management [com.snc.install_base] |
This role provides the internal user to view the install base and its associated sold products when added as a related party. Additionally, it enables the user to create and manage cases for the related install base records. |
|
| Install Base Authorized Member [sn_install_base.install_base_authorized_member] |
Customer Service Install Base Management [com.snc.install_base] |
This role provides the service organization member to view the install base and its associated sold products when added as a related party. Additionally, it enables the user to create and manage cases for the related install base records. |
|
| Install Base Authorized Account | Customer Service Install Base Management [com.snc.install_base |
Provides access to all the contacts of the account to view the install base and its associated sold products when added as a related party. Additionally, it enables the contact to create and manage cases for the related install base records. Creation of case is only allowed if contact and install base belongs to same account. |
|
| Install Base Service Organization | Customer Service Install Base Management [com.snc.install_base |
Provides access to all the members of service organization to view the install base and its associated sold products when added as a related party. Additionally, it enables the users to manage cases for the related install base records. |
|
The following table lists the granular roles for customer access management.
| Role title [name] | Plugin required | Description | Contains roles |
|---|---|---|---|
| Sold Product Read [sn_install_base.sold_product_read_granular] |
Customer Service Install Base Management
[com.snc.install_base] |
This role provides granular read access to the sold product. | None |
| Sold Product Contact
Read [sn_install_base.sold_product_contact_read_granular] |
Customer Service Install Base Management
[com.snc.install_base] |
This role provides granular read access to related parties of the sold product. | None |
| Sold Product Contact
Write [sn_install_base.sold_product_contact_write_granular] |
Customer Service Install Base Management
[com.snc.install_base] |
This role provides granular write access to related parties of the sold product. | sn_install_base.sold_product_contact_read_granular |
| Sold Product Consumer
Read [sn_install_base.sold_product_consumer_read_granular] |
Customer Service Install Base Management
[com.snc.install_base] |
This role provides granular read access to additional consumers of the sold product and sold product-related parties. | None |
| Sold Product Consumer
Write [sn_install_base.sold_product_consumer_write_granular] |
Customer Service Install Base Management
[com.snc.install_base] |
This role provides granular write access to additional consumers of the sold product and sold product-related parties. | sn_install_base.sold_product_consumer_read_granular |
| Case Read [sn_customerservice.case_read_granular] |
Customer Service [com.sn_customerservice] |
This role provides granular read access to the case. | None |
| Cases Create [sn_customerservice.case_create_granular] |
Customer Service [com.sn_customerservice] |
This role provides granular create access to the case. | sn_customerservice.case_read_granular |
| Case Write [sn_customerservice.case_write_granular] |
Customer Service [com.sn_customerservice] |
This role provides granular write access to the case. |
|
| Case Related Party Write
[sn_customerservice.case_related_party_write_granular] |
Customer Service [com.sn_customerservice] |
This role provides granular write access to case-related parties. | None |
| Install Base Read [sn_install_base.install_base_read_granular] |
Customer Service Install Base Management
[com.snc.install_base] |
This role provides granular read access to the install base. | None |
| Install Base Related Party
Read [sn_install_base.install_base_related_party_read_granular] |
Customer Service Install Base Management
[com.snc.install_base] |
This role provides granular read access to install base related party records. | None |
| Install Base Related Party
Write [sn_install_base.install_base_related_party_write_granular] |
Customer Service Install Base Management
[com.snc.install_base] |
This role provides granular write access to install base related party records. | [sn_install_base.install_base_related_party_read_granular] |
| Installed Product
Read [sn_install_base.installed_product_read_granular] |
Customer Service Install Base Management
[com.snc.install_base] |
This role provides granular read access to the installed product. | None |